Not So Fast BlackBerry, You’re Not as Secure as We Thought

 

Love or hate them, BlackBerrys have long been considered the standard for smartphone security. With countries from India to Saudi Arabia to even the United States now all wanting a way to decrypt encrypted messages sent back and forth between the devices, you would think they have some kind of mystical security protection other companies cannot match. Wrong. While the BlackBerry platform certainly is much more secure than most other smartphones available, it still has some gaping holes in its security. In fact, a Russian security company—ElcomSoft—is selling software now that can decrypt the backup data from a BlackBerry in a mere three days.

The software package is called ‘Phone Password Breaker’ and retails for a mere $79 or $199, depending on whether you opt for the home or professional edition. Because it uses your computer’s GPU (graphics processing unit) to do some of the heavy math lifting, it can dramatically decrease the time needed to crack the password to encrypted BlackBerry data. Before the Apple fanboys and fangirls start throwing rocks, keep in mind that the software works on the iPhone and iPod touch as well.

Of course, the BlackBerry actually does have more of a security flaw here than iOS, because according to ElcomSoft’s CEO, “Another significant shortcoming is that it’s BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form.” Apparently, iOS devices being backed up encrypt their own data and then send it to iTunes. An enterprising hacker could just intercept the BlackBerry backup on its way to the BlackBerry Desktop Software (BlackBerry Protect and wireless backups, anyone?) and have full access immediately. Scary.

So the BlackBerry isn’t invulnerable to security attacks. Who knew? Hopefully RIM gets this flaw fixed quickly, because I’m sure this software has already made its way onto BitTorrent and other peer-to-peer file-sharing sites. Really, what hacker actually pays for software?

Scared? Worried? Going to be making a longer, more difficult to crack password for your backups from now on? Let me know what you think of this news. Frankly, I thought the age of digital encryption meant we didn’t have to worry about all of our stuff being stolen. I guess I was wrong.
